Cumulative patch from commit f4626235de4b6d19c7399a2522241f7c43e0caf6
f462623 EAP-pwd server: Allow fragment_size to be configured
c876dcd EAP-IKEv2: Allow frag ack without integrity checksum
0f73c64 EAP-pwd: Fix processing of group setup failure
13e2574 EAP-pwd peer: Export Session-Id through getSessionId callback
cfdb32e eapol_test: Check EAP-Key-Name
251c53e RADIUS: Define EAP-Key-Name
04cad50 EAP-SIM peer: Fix counter-too-small message building
270c9a4 Interworking: Allow FT to be used for connection
81ed499 Remove duplicated ibss_rsn_deinit() call
144f104 X.509: Fix v3 parsing with issuerUniqueID/subjectUniqueID present
0f1034e P2P: Refrain from performing extended listen during P2P connection
8d0dd4e Add macsec_qca driver wrapper
dd10abc MACsec: wpa_supplicant integration
887d9d0 MACsec: Add PAE implementation
7baec80 MACsec: Add driver_ops
4e9528c MACsec: Add common IEEE 802.1X definitions
3bcfab8 MACsec: Add define for EAPOL type MKA
0836c04 MACsec: Allow EAPOL version 3 to be configured
49be483 Add function to fetch EAP Session-Id from EAPOL supplicant
ea40a57 nl80211: Use max associated STAs information in AP mode
Change-Id: I0e37a10ca58d0dc1be95a0088d6a4c37b2505ad4
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index 81fbdfb..243787f 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -81,6 +81,8 @@
# to make wpa_supplicant interoperate with these APs, the version number is set
# to 1 by default. This configuration value can be used to set it to the new
# version (2).
+# Note: When using MACsec, eapol_version shall be set to 3, which is
+# defined in IEEE Std 802.1X-2010.
eapol_version=1
# AP scanning/selection
@@ -97,6 +99,8 @@
# non-WPA drivers when using IEEE 802.1X mode; do not try to associate with
# APs (i.e., external program needs to control association). This mode must
# also be used when using wired Ethernet drivers.
+# Note: macsec_qca driver is one type of Ethernet driver which implements
+# macsec feature.
# 2: like 0, but associate with APs using security policy and SSID (but not
# BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to
# enable operation with hidden SSIDs and optimized roaming; in this mode,
@@ -675,8 +679,16 @@
# bit0 (1): require dynamically generated unicast WEP key
# bit1 (2): require dynamically generated broadcast WEP key
# (3 = require both keys; default)
-# Note: When using wired authentication, eapol_flags must be set to 0 for the
-# authentication to be completed successfully.
+# Note: When using wired authentication (including macsec_qca driver),
+# eapol_flags must be set to 0 for the authentication to be completed
+# successfully.
+#
+# macsec_policy: IEEE 802.1X/MACsec options
+# This determines how sessions are secured with MACsec. It is currently
+# applicable only when using the macsec_qca driver interface.
+# 0: MACsec not in use (default)
+# 1: MACsec enabled - Should secure, accept key server's advice to
+# determine whether to use a secure session or not.
#
# mixed_cell: This option can be used to configure whether so called mixed
# cells, i.e., networks that use both plaintext and encryption in the same
@@ -1341,3 +1353,17 @@
network={
key_mgmt=NONE
}
+
+
+# Example MACsec configuration
+#network={
+# key_mgmt=IEEE8021X
+# eap=TTLS
+# phase2="auth=PAP"
+# anonymous_identity="anonymous@example.com"
+# identity="user@example.com"
+# password="secretr"
+# ca_cert="/etc/cert/ca.pem"
+# eapol_flags=0
+# macsec_policy=1
+#}